Enable AWS Role Assuming (#379)

* update scripts with assume role behaviour * update genrules to pass aws role arn
runwhen-contrib · May 31, 2024 · b7d0bb7 · b7d0bb7
1 parent f197cd4
commit b7d0bb7
Show file tree

Hide file tree

Showing 24 changed files with 252 additions and 22 deletions.
diff --git a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-sli.yaml
@@ -32,4 +32,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml b/codebundles/aws-eks-health/.runwhen/templates/aws-eks-health-taskset.yaml
@@ -28,4 +28,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/codebundles/aws-eks-health/check_eks_cluster_health.sh b/codebundles/aws-eks-health/check_eks_cluster_health.sh
@@ -1,8 +1,25 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 # AWS_REGION
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 # get list of eks clusters
 eks_clusters=$(aws eks list-clusters --region $AWS_REGION --output json --query 'clusters[*]' | jq -r '.[]')

diff --git a/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh b/codebundles/aws-eks-health/check_eks_fargate_cluster_health_status.sh
@@ -1,8 +1,25 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 # AWS_REGION
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 # get list of eks clusters
 eks_clusters=$(aws eks list-clusters --region $AWS_REGION --output json --query 'clusters[*]' | jq -r '.[]')

diff --git a/codebundles/aws-eks-health/list_eks_fargate_metrics.sh b/codebundles/aws-eks-health/list_eks_fargate_metrics.sh
@@ -1,8 +1,26 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 # AWS_REGION
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
+
 METRICS_LIST="vCPU Memory CPUUtilization Duration OnDemand Spot"
 START=$(date -d "1 day ago" +%s)
 END=$(date +%s)

diff --git a/codebundles/aws-eks-health/runbook.robot b/codebundles/aws-eks-health/runbook.robot
@@ -23,6 +23,7 @@ Check EKS Fargate Cluster Health Status
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     IF    "Error" in """${process.stdout}"""
         RW.Core.Add Issue    title=EKS Fargate Cluster in ${AWS_REGION} is Unhealthy
         ...    severity=3
@@ -41,6 +42,7 @@ Check EKS Cluster Health Status
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     IF    "Error" in """${process.stdout}"""
         RW.Core.Add Issue    title=EKS Cluster in ${AWS_REGION} is Unhealthy
         ...    severity=3
@@ -59,6 +61,7 @@ List EKS Cluster Metrics
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     RW.Core.Add Pre To Report    ${process.stdout}
 
 
@@ -76,10 +79,15 @@ Suite Initialization
     ...    type=string
     ...    description=AWS Secret Access Key
     ...    pattern=\w*
+    ${AWS_ROLE_ARN}=    RW.Core.Import Secret   AWS_ROLE_ARN
+    ...    type=string
+    ...    description=AWS Role ARN
+    ...    pattern=\w*
 
     Set Suite Variable    ${AWS_REGION}    ${AWS_REGION}
     Set Suite Variable    ${AWS_ACCESS_KEY_ID}    ${AWS_ACCESS_KEY_ID}
     Set Suite Variable    ${AWS_SECRET_ACCESS_KEY}    ${AWS_SECRET_ACCESS_KEY}
+    Set Suite Variable    ${AWS_ROLE_ARN}    ${AWS_ROLE_ARN}
 
 
     Set Suite Variable

diff --git a/codebundles/aws-eks-health/sli.robot b/codebundles/aws-eks-health/sli.robot
@@ -16,13 +16,14 @@ Library             Process
 Suite Setup         Suite Initialization
 
 *** Tasks ***
-Check EKS Fargate Cluster Health Status
+Check EKS Cluster Health Status
     [Documentation]   This script checks the health status of an Amazon EKS cluster.
     [Tags]  EKS    Cluster Health    AWS    Kubernetes    Pods    Nodes  
-    ${process}=    RW.CLI.Run Bash File    check_eks_cluster_health_status.sh
+    ${process}=    RW.CLI.Run Bash File    check_eks_cluster_health.sh
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     IF    "Error" in """${process.stdout}"""
         RW.Core.Push Metric    0
     ELSE
@@ -43,10 +44,15 @@ Suite Initialization
     ...    type=string
     ...    description=AWS Secret Access Key
     ...    pattern=\w*
+    ${AWS_ROLE_ARN}=    RW.Core.Import Secret   AWS_ROLE_ARN
+    ...    type=string
+    ...    description=AWS Role ARN
+    ...    pattern=\w*
 
     Set Suite Variable    ${AWS_REGION}    ${AWS_REGION}
     Set Suite Variable    ${AWS_ACCESS_KEY_ID}    ${AWS_ACCESS_KEY_ID}
     Set Suite Variable    ${AWS_SECRET_ACCESS_KEY}    ${AWS_SECRET_ACCESS_KEY}
+    Set Suite Variable    ${AWS_ROLE_ARN}    ${AWS_ROLE_ARN}
 
     Set Suite Variable
     ...    &{env}

diff --git a/...les/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml b/...les/aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-sli.yaml
@@ -32,4 +32,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/...aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml b/...aws-elasticache-redis-health/.runwhen/templates/aws-elasticache-redis-health-taskset.yaml
@@ -28,4 +28,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh b/codebundles/aws-elasticache-redis-health/analyze_aws_elasticache_redis_metrics.sh
@@ -1,8 +1,25 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 # AWS_REGION
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 # Variables
 METRIC_NAMESPACE="AWS/ElastiCache"

diff --git a/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh b/codebundles/aws-elasticache-redis-health/monitor_redis_performance.sh
@@ -1,8 +1,26 @@
 #!/bin/bash
-source ./auth.sh
+
 # Environment Variables:
 # AWS_REGION
 # REDIS_PASSWORD
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 SLOWLOG_ENTRY_LIMIT="10"
 

diff --git a/codebundles/aws-elasticache-redis-health/redis_status_scan.sh b/codebundles/aws-elasticache-redis-health/redis_status_scan.sh
@@ -1,8 +1,25 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 # AWS_REGION
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 # Variables
 serverless_caches=$(aws elasticache describe-serverless-caches --region "$AWS_REGION")

diff --git a/codebundles/aws-elasticache-redis-health/runbook.robot b/codebundles/aws-elasticache-redis-health/runbook.robot
@@ -23,6 +23,7 @@ Scan AWS Elasticache Redis Status
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     RW.Core.Add Pre To Report    ${process.stdout}
     IF    "Snapshot retention limit is set to 0" in """${process.stdout}"""
         RW.Core.Add Issue    title=Snapshots not configured for Elasticache in region ${AWS_REGION}
@@ -57,11 +58,16 @@ Suite Initialization
     ...    type=string
     ...    description=AWS Secret Access Key
     ...    pattern=\w*
+    ${AWS_ROLE_ARN}=    RW.Core.Import Secret   AWS_ROLE_ARN
+    ...    type=string
+    ...    description=AWS Role ARN
+    ...    pattern=\w*
 
 
     Set Suite Variable    ${AWS_REGION}    ${AWS_REGION}
     Set Suite Variable    ${AWS_ACCESS_KEY_ID}    ${AWS_ACCESS_KEY_ID}
     Set Suite Variable    ${AWS_SECRET_ACCESS_KEY}    ${AWS_SECRET_ACCESS_KEY}
+    Set Suite Variable    ${AWS_ROLE_ARN}    ${AWS_ROLE_ARN}
 
 
     Set Suite Variable

diff --git a/codebundles/aws-elasticache-redis-health/sli.robot b/codebundles/aws-elasticache-redis-health/sli.robot
@@ -23,6 +23,7 @@ Scan ElastiCaches
     ...    env=${env}
     ...    secret__AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
     ...    secret__AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+    ...    secret__AWS_ROLE_ARN=${AWS_ROLE_ARN}
     Log    ${process.stdout}
     Log    ${process.stderr}
     IF    ${process.rc} != 0
@@ -46,10 +47,15 @@ Suite Initialization
     ...    type=string
     ...    description=AWS Secret Access Key
     ...    pattern=\w*
+    ${AWS_ROLE_ARN}=    RW.Core.Import Secret   AWS_ROLE_ARN
+    ...    type=string
+    ...    description=AWS Role ARN
+    ...    pattern=\w*
 
     Set Suite Variable    ${AWS_REGION}    ${AWS_REGION}
     Set Suite Variable    ${AWS_ACCESS_KEY_ID}    ${AWS_ACCESS_KEY_ID}
     Set Suite Variable    ${AWS_SECRET_ACCESS_KEY}    ${AWS_SECRET_ACCESS_KEY}
+    Set Suite Variable    ${AWS_ROLE_ARN}    ${AWS_ROLE_ARN}
 
     Set Suite Variable
     ...    &{env}

diff --git a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-sli.yaml
@@ -32,4 +32,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml b/codebundles/aws-lambda-health/.runwhen/templates/aws-lambda-health-taskset.yaml
@@ -28,4 +28,6 @@ spec:
     - name: AWS_ACCESS_KEY_ID
       workspaceKey: {{custom.aws_access_key_id}}
     - name: AWS_SECRET_ACCESS_KEY
-      workspaceKey: {{custom.aws_secret_access_key}}
+      workspaceKey: {{custom.aws_secret_access_key}}
+    - name: AWS_ROLE_ARN
+      workspaceKey: {{custom.aws_role_arn}}
diff --git a/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh b/codebundles/aws-lambda-health/analyze_lambda_invocation_errors.sh
@@ -1,9 +1,25 @@
 #!/bin/bash
-source ./auth.sh
 
 # Environment Variables:
 #AWS_REGION
-
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 SINCE="24h"
 

diff --git a/codebundles/aws-lambda-health/list_lambda_runtimes.sh b/codebundles/aws-lambda-health/list_lambda_runtimes.sh
@@ -1,6 +1,22 @@
 #!/bin/bash
-source ./auth.sh
-
+auth() {
+    # if required AWS_ cli vars are not set, error and exit 1
+    if [[ -z $AWS_ACCESS_KEY_ID || -z $AWS_SECRET_ACCESS_KEY  || -z $AWS_REGION ]]; then
+        echo "AWS credentials not set. Please set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables."
+        exit 1
+    fi
+    # if AWS_ROLE_ARN then assume the role using sts and override the pre-existing key ENVs
+    if [[ -n $AWS_ROLE_ARN ]]; then
+        sts_output=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "AssumeRoleSession")
+        AWS_ACCESS_KEY_ID=$(echo "$sts_output" | jq -r '.Credentials.AccessKeyId')
+        AWS_SECRET_ACCESS_KEY=$(echo "$sts_output" | jq -r '.Credentials.SecretAccessKey')
+        AWS_SESSION_TOKEN=$(echo "$sts_output" | jq -r '.Credentials.SessionToken')
+        export AWS_ACCESS_KEY_ID
+        export AWS_SECRET_ACCESS_KEY
+        export AWS_SESSION_TOKEN
+    fi
+}
+auth
 
 # Fetch all Lambda function names
 function_names=$(aws lambda list-functions --query 'Functions[*].FunctionName' --output text)